Field of the Invention
The invention relates to a method for checking the authenticity of a data medium, in particular a smart card, which has at least one memory, and a specific, physical feature of the data medium being stored in encrypted form in the memory.
Such a method is known from Published, European Patent Application EP 0 112 461 A1. There, the characteristics of an antenna contained in an identity card are stored in encrypted form in the card. For an authenticity check, this value is compared with a value that results from the currently measured antenna characteristics, for which the encryption algorithm was likewise used.
The Published, European Patent Application EP 0 112 461 A1 does not define whether the comparison and the formation of the code number are carried out in the card or in the terminal. In the first case, this results in the problem that a forged card can always signal a positive comparison result irrespective of the actual comparison result, so that no real authenticity check has to be carried out. In the second case, the measuring terminal must also contain the secret algorithm and the secret number, and this represents a security risk. Furthermore, each terminal must contain the algorithm and the secret number for each card.
Published, European Patent Application EP 0 583 709 A1 likewise describes an authenticity identification method, in is which physical characteristics to be measured are stored in encrypted form, and are later compared with physical characteristics that need to be measured once again, after decryption. An asymmetric encryption and decryption method may also be used in this case. However, this results in the problem of a high level of memory and administration complexity in the terminal for the large number of public keys for the individual data media in a system.
Data media which are intended to be subjected to an authenticity checking method generally have a counter whose count represents a monetary value and thus provide an incentive for copying or simulation. Alternatively, such an incentive results when such data media are used for access control systems or in the area of social security.
A semiconductor chip can be copied identically, so that all the secret numbers and encrypted data, such as the encrypted physical feature, are also contained on the copy without having to understand the detailed circuit configuration, so that there is a major security risk here. However, carrying out the known authenticity checks by use of a physical feature which differs for each data medium and is as complicated as possible, and can thus be simulated only with great difficulty, is a first step towards improved forgery security since, although a criminal can simulate a chip, it is virtually impossible to simulate a card matching this, with the correct physical feature.
For the known methods, the encryption and decryption algorithm as well as the key number to be kept secret or the public key number must be present in each terminal, in order likewise either to encrypt the measured data and to compare the encrypted forms, or to decrypt the encrypted form of the data read from the card, and to compare this with the original data. However, this involves considerable security risks, since this gives a criminal the incentive to misappropriate and to analyze terminals.
It is accordingly an object of the invention to provide a method for checking the authenticity of a data medium that overcomes the above-mentioned disadvantages of the prior art methods of this general, which offers a high level of security.
With the foregoing and other objects in view there is provided, in accordance with the invention, a method for checking the authenticity of a data medium having at least one memory and a specific physical feature of the data medium being stored in encrypted form in the at least one memory. The specific physical feature is encrypted using a first specific, secret key, in addition, a second specific, public key associated with the first specific, secret key and a form of the second specific public key is encrypted using a third global, secret key resulting in an encrypted second specific, public key being stored in the data medium, the method which includes:
a) reading the second specific, public key and the encrypted second specific, public key from the data medium via a terminal;
b) using a fourth global, public key, stored in the terminal, to calculate a test second key, and comparing the test second key with the second specific, public key previously read;
c) carrying out method steps d) to f) if a match is found between the test second key and the second specific, public key and ending the method steps if no match is found;
d) reading and measuring the encrypted form of the specific physical feature from the at least one memory of the data medium via the terminal resulting in a measured physical feature;
e) using the second specific, public key to calculate a test physical feature via the terminal, and comparing the test physical feature with the measured physical feature; and
f) confirming an authenticity of the data medium if the test physical feature matches the measured physical feature, and ending the method steps if the test physical feature does not match the measured physical feature.
In the method according to the invention, a comparison is carried out in the terminal without the secret key having to be provided in the terminal, since asymmetric encryption is used. Asymmetric encryption refers to encryption that is carried out using a key that differs from that used for decryption and, even if the respective other key is known, neither of the two keys can be calculated. The decryption key may be generally known and in general can be found in files that are accessible to anyonexe2x80x94for example from the Internet.
The public key is in this case assigned to a specific, special card system operator, such as credit card companies or banks and insurance companies. The essential feature of the method according to the invention is that the secret key, which is known only to the system operator, cannot be calculated from the public key. The RSA method is quoted as an example of an asymmetric encryption method.
If only the encrypted feature is transmitted to the terminal, it is necessary for the public keys of all system operators to be stored in the terminal or to be accessible via, for example, an Intranet connection, by all those who wish to use this terminal. In order to avoid this disadvantage, the public, specific key is stored in encrypted form in the card, according to a development of the invention, in which case a secret, global key was used for its encryption. This secret, global key is known, for example, only to central banks or other official institutions. Any public, specific key is used for the encryption. The unencrypted, public, specific key is also stored in the card.
Only the public, global key associated with the secret, global key is then contained in the terminal, by which the encrypted form of the public, specific key is decrypted and is compared with the original key, which is actually likewise stored. A match then shows that the correct secret, global key has been used for encryption of the public, specific key and certification, for example by the central bank, which thus guarantees that the public, specific key is correct, and can be used for decryption of the physical feature.
An antenna characteristic such as the Q-factor or else a combination of such characteristics may be used as a physical feature for non-contacting data media. Further options for physical features are quoted in European Patent EP 0 676 073 B1 and Published, European Patent Application EP 0 602 643 A2. There, an adjustable resistor network or the characteristics of an EEPROM cell are proposed as a card-specific, physical feature.
Other features which are considered as characteristic for the invention are set forth in the appended claims.
Although the invention is illustrated and described herein as embodied in a method for checking the authenticity of a data medium, it is nevertheless not intended to be limited to the details shown, since various modifications and structural changes may be made therein without departing from the spirit of the invention and within the scope and range of equivalents of the claims.